A lack of due diligence with cybersecurity can lead to hefty financial penalties, lost business and productivity, regulatory fines and litigation. But cybersecurity starts with executive buy-in. Without it, the program will have no direction to succeed.